Singapore Cloud Security Summit 2025

As Singapore’s digital economy accelerates, cloud security leaders must adapt to fast-moving threats, evolving AI technologies, and tightening regulatory requirements. This keynote explores how organisations can balance compliance and innovation to build secure, resilient cloud environments.

• What Singapore’s evolving data and cloud regulations mean for compliance and operational agility.
• How AI is reshaping threat detection, response, and automation across cloud environments.
• Building resilient, secure multi-cloud environments that support growth and flexibility.
• Embedding cloud security awareness into culture, leadership, and daily operations.

Enterprise applications are deployed across a wide range of cloud environments, each with their own security controls of various capabilities. In the meantime, the threat landscape for web applications has become increasingly sophisticated, and has seen common threats like Bot, DDoS, and Application attacks persist and grow in complexity.

• The evolving nature of Bot, DDoS, and Layer 7 application attacks — and why they continue to succeed
• Architecting a consistent security inspection and enforcement layer at the edge, independent of origin infrastructure
• Leveraging DevOps tools like Terraform and GitHub to automate the deployment of security controls as part of the CI/CD pipeline

Cloud security in Singapore is entering a new era—defined by tighter regulations, growing threat complexity, and rising dependence on hyperscale infrastructure. In this session, we’ll unpack:

• Implications of the Digital Infrastructure Act and updated MAS outsourcing guidelines on cloud operations and vendor oversight.
• How organisations can future-proof encryption and data protection against emerging quantum computing threats.
• Addressing the security and governance challenges of deploying AI-driven systems in regulated cloud environments.
• Understanding the push for data localisation, sovereignty, and its impact on multicloud and infrastructure decisions.

In this innovative session, attendees will be faced with a series of scenarios that they may face in their roles. Attendees will discuss the possible courses of action with their peers to consider the ramifications of each option before logging their own course of action. 

Results will be tallied and analysed by our session facilitator and results will impact the way the group moves through the activity.

Will we collectively choose the right course of action?

Cloud-first organisations across Asia are experiencing a rise in Business Email Compromise (BEC), vendor fraud, and social engineering attacks that evade traditional email security. In this session, we’ll demo how modern cloud security teams can detect and stop these advanced threats—without rule maintenance, user disruption, or signal fatigue.

• Why BEC Keeps Winning in Cloud-First Environments
  Explore how attackers exploit trust, app integrations, and identity gaps to bypass standard controls.
• Replacing Rules with Risk-Based Detection
  See how behavioural AI learns normal user and vendor behaviour to detect anomalies without tuning.
• Real-World Attack Paths and Response
  Walk through recent examples of vendor fraud and internal impersonation stopped by Abnormal’s platform.
• Scalable Defence for Lean Teams
  Learn how cloud-native teams reduce risk with automated investigation and low-touch workflows.

‍

Modern development moves fast—but so do threats hiding in your open-source components and build pipelines. This live demo explores how organisations can gain continuous visibility and control over their software supply chain, from development to deployment, to reduce risk without slowing delivery.

• See how to automatically surface vulnerable or outdated components before they ever reach a repo or build.
• Monitor changes in build behaviour and component flow across dev, staging, and production environments.
• Learn how policy enforcement can support developers, not frustrate them, by guiding decisions in real time.
• Watch how continuous monitoring and actionable insights shrink your response window from weeks to minutes.

Singapore’s proposed Digital Infrastructure Act aims to regulate cloud and data centre operators as critical infrastructure. This session explores what organisations need to know now to prepare for heightened expectations around resilience, incident response, and security controls—before the law comes into force.

• What key requirements are expected under the new Digital Infrastructure Act?
• How will the Act shift risk, accountability, and oversight expectations?
• What should CSPs and customers do today to prepare?
• How will this regulation affect procurement and cloud strategy in 2025?

Choose 1 topic to join on the day!

‍

‍

Put your cloud security knowledge to the test in this fast-paced quiz covering real-world threats, key concepts, and emerging trends. Compete for bragging rights—and a $500 voucher—as the top scorer takes the crown.

As cloud infrastructure becomes the backbone of digital economies, security leaders in Singapore must shift from reactive defence to designing resilience into every layer of the stack. This keynote will explore how to architect secure, adaptive systems that withstand disruption, support innovation, and stay compliant amid evolving threats and regulation.

• Embedding failure-tolerance, redundancy, and response automation into cloud architecture from day one.
• Aligning with MAS TRM, PDPA, and regional frameworks to ensure compliance supports—not slows—delivery.
• Moving beyond policy to execution: what works (and what doesn’t) when implementing zero-trust models at scale.
• Leveraging cloud telemetry and threat intelligence to drive proactive governance and faster incident resolution.

As cloud adoption accelerates, Singapore must redefine accountability across regulators, providers, and customers. Who owns the risk—and who answers when things go wrong?

• Is shared responsibility outdated in 2025’s cloud ecosystem?
• What must every cloud SLA include moving forward?
• Who’s liable when outages or breaches impact customers?
• How can customers gain control without owning infrastructure?